search

blue-jay / blueprint

Blueprint for your next web application in Go.
https://blue-jay.github.io/
MIT License
482 stars 77 forks source link

How to disable CSRF on API modules? #63

Closed jwthanh closed 7 years ago

jwthanh commented 7 years ago

  1. Which commit are you using? e65ca2b

  2. Which operating system, processor architecture, and Go version are you using (go env)? Mac OS X 10.12.4 Golang 1.7.5

  3. What did you do? Create new module to implement Restful API

  4. What did you expect to see? Disable CSRF on only API module

  5. What did you actually see? Every POST request require a valid CSRF token

josephspurrier commented 7 years ago

You can disable the CSRF completely from here - if you only want to apply it to certain routes, you can change the handlers around so only certain middleware apply to certain routes: https://github.com/blue-jay/blueprint/blob/master/lib/boot/middleware.go#L17

All the settings for CSRF can be set here: https://github.com/blue-jay/blueprint/blob/master/lib/boot/xsrf.go#L25

jwthanh commented 7 years ago

Thank you, so I must disable the CSRF completely then apply it to certain routes that I want to handle CSRF?

josephspurrier commented 7 years ago

Yes, that is correct.